Security Directory

F

Frype.com

frype.com

0

Frype.com is a social networking platform focused on connecting users and facilitating friendships. The website offers login functionality and basic social network features. It appears to be associated with the Draugiem group, a known social network entity, as indicated by footer links. The platform targets general social network users and operates with a small-scale business model. Technically, the site uses custom JavaScript libraries and is hosted behind Cloudflare, but lacks modern SSL/TLS security configurations, which is a critical concern. The absence of privacy and cookie policies, as well as contact information, further impacts trust and compliance. Security posture is weak due to invalid SSL certificates and missing security headers. Overall, the site is accessible but requires significant improvements in security and privacy compliance to meet modern standards.

A

AB180 Inc.

airbridge.io

0

Airbridge is a technology company specializing in mobile measurement platform (MMP) solutions that unify attribution across multiple platforms including Android, iOS, web, PC, and console. Positioned as a transparent and cost-effective alternative to major competitors, Airbridge offers comprehensive services such as predictive LTV analytics, fraud protection, deep linking, and real-time marketing analytics. The company targets app marketers and developers seeking granular insights without paywalls or upsells. Technically, the website is built on Webflow and integrates modern JavaScript libraries and analytics tools like Google Tag Manager and Amplitude, demonstrating a mature digital infrastructure. However, a critical security concern is the invalid SSL certificate and lack of TLS protocol support, which significantly impacts the security posture. Privacy compliance is strong with clear policies and cookie consent mechanisms. Overall, the business presents a professional and trustworthy front but must urgently address SSL and TLS issues to ensure secure user interactions.

B

Blendee S.r.l.

blendee.com

0

Blendee S.r.l. operates a leading Italian marketing automation platform that combines Customer Data Platform and Data Management Platform capabilities to deliver personalized omnichannel marketing experiences. The company targets businesses seeking advanced marketing automation and data analytics solutions, positioning itself as a market leader in Italy and Europe. Their SaaS platform integrates with numerous digital marketing and analytics tools, supporting a comprehensive marketing operating system. Technically, the website is built on Webflow, uses Cloudflare CDN, and incorporates modern JavaScript libraries and tracking tools. However, the SSL certificate is invalid or missing, which significantly impacts the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Overall, the website is professional, content-rich, and trustworthy, but the security configuration requires urgent improvement to ensure secure communications and user trust.

Z

Zip.lv

zip.lv

0

Zip.lv is a well-established Latvian online classified ads platform, operating since 2008, offering a wide range of categories including transport, real estate, jobs, and various goods and services. The website targets Latvian-speaking users seeking a centralized marketplace for buying, selling, and exchanging items and services. It maintains a consistent brand presence and provides clear contact information and comprehensive privacy and cookie policies, demonstrating good compliance with GDPR requirements. Technically, the site utilizes a variety of modern web technologies and third-party services such as jQuery, Google Fonts, FontAwesome, Google Analytics, Facebook SDK, and Stripe for payments. It is hosted behind Cloudflare, indicating a robust hosting infrastructure. However, the site suffers from a critical security issue: the absence of a valid SSL certificate and lack of HTTPS support, which severely impacts its security posture and user trust. The security posture is weak due to missing HTTPS, no HSTS, no security headers, and no DMARC or DNSSEC configurations. Despite this, the site employs a detailed consent management platform with extensive vendor disclosures, reflecting a strong commitment to privacy compliance and transparency. The site integrates numerous advertising and analytics vendors, indicating extensive user tracking and data collection practices. Overall, while the business and privacy compliance aspects are strong, the lack of HTTPS and related security measures present a significant risk. Addressing these security gaps is critical to improving user trust and safeguarding data. The site’s performance is slow, likely due to large page size and numerous resources, suggesting opportunities for optimization.

T

Tabular Editor

tabulareditor.com

0

Tabular Editor is a technology company specializing in providing a productivity tool for Analysis Services and Power BI Tabular modeling. Their flagship product, Tabular Editor 3, is positioned as a trusted solution among BI professionals worldwide, offering features to build, debug, and optimize data models efficiently. The website reflects a professional and well-branded presence with comprehensive content, testimonials, and clear calls to action for purchasing or trialing the software. Technically, the site is built on HubSpot CMS with integrations for analytics and marketing, but suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. Privacy and cookie policies are present and GDPR compliant, with a consent mechanism implemented. Overall, the business demonstrates strong market positioning and credibility but needs to address critical security issues to improve trust and compliance.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 7 security findings identified across all modules.

T

twoday

twoday.dk

0

twoday is a large Danish technology company specializing in digital transformation, AI, software engineering, business applications, and cloud platform services. With over 3,000 specialists and more than 8,000 customers across the Nordic region, twoday positions itself as a leading Microsoft Solution Partner delivering comprehensive IT consulting and digital solutions for private and public sectors. The website is professionally designed, content-rich, and well-branded, targeting organizations seeking advanced technology services. Technically, the site leverages HubSpot CMS and modern JavaScript libraries but lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Security headers are present but cannot compensate for the missing SSL/TLS configuration. Privacy compliance is strong with clear privacy and cookie policies and a consent mechanism. Overall, the site demonstrates good digital maturity but requires urgent security improvements to meet modern standards.

T

twoday

twoday.lt

0

twoday is a large IT services company based in Lithuania, specializing in advanced software development, software modernization, and business analytics and AI solutions primarily for the Nordic and Northern European markets. The company positions itself as a leading technology partner with a strong focus on SaaS products and digital transformation, serving over 8000 customers with nearly 3000 employees. The website is professionally designed, content-rich, and well-structured, leveraging HubSpot CMS and modern JavaScript libraries for enhanced user experience and marketing analytics. However, a critical security concern is the invalid or missing SSL certificate and lack of enabled TLS protocols, which significantly impacts the security posture and trustworthiness of the site. Privacy and cookie policies are present and integrated with consent management tools, indicating good privacy compliance. No explicit terms of service or security incident response policies are publicly disclosed. Strategic improvements in SSL configuration and security best practices are recommended to enhance overall security and trust.

T

twoday

twoday.se

0

twoday is a large Nordic IT consultancy specializing in IT consulting, data and AI, software engineering, digital experiences, business applications, and cloud platforms with security focus. The company serves over 8,000 clients in both public and private sectors, supported by a team of 2,700 technology experts. The website is professionally designed, content-rich, and well-structured, targeting large and medium-sized organizations primarily in Sweden and the Nordic region. Technically, the site uses HubSpot CMS, Bootstrap, jQuery, and modern JavaScript libraries, hosted behind Cloudflare. However, the SSL/TLS configuration is currently invalid or missing, which significantly impacts the security posture. Security headers are present but cannot compensate for the lack of valid HTTPS. Privacy compliance is strong with a clear privacy policy, cookie policy, and consent mechanisms implemented via Cookiebot. Contact information is clearly provided including email, phone, and a contact form. Overall, the site is professional and trustworthy but requires urgent SSL/TLS fixes to improve security and trust.

T

twoday

twoday.no

0

twoday is a leading Nordic IT solutions provider specializing in digital transformation, data-driven technologies, and consultancy services for both public and private sectors. The company offers a broad range of services including Data & AI, Software Engineering, Digital Experiences, Business Applications, and Cloud Platforms and Security. Their market position is strong, supported by strategic partnerships with government agencies and recognition as a top employer. Technically, the website is built on HubSpot CMS with modern JavaScript libraries and frameworks, hosted via Cloudflare, and integrates multiple marketing and analytics tools. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and disabled HTTPS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website presents a professional and trustworthy image but requires urgent remediation of its SSL configuration to ensure secure communications and maintain trust.

T

twoday

twoday.com

0

twoday is a large Nordic IT services company specializing in software development, data & AI solutions, consulting, and digital transformation services for public and private sector clients. The company holds a strong market position as a Nordic leader in AI and data engineering, reinforced by strategic acquisitions such as Kaito Insight and major contracts with government agencies. Their website reflects a mature digital presence built on HubSpot CMS, leveraging modern JavaScript libraries and cloud hosting via Cloudflare. Security posture is strong with HTTPS enforcement, security headers, and no detected vulnerabilities, though improvements in HSTS and transparency compliance are recommended. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, twoday demonstrates a professional, trustworthy, and technically sound online presence suitable for its B2B audience.

Hyundai Motor Group operates as a major global automotive manufacturer primarily serving the transportation sector. The website analyzed is minimal, consisting solely of a redirect script with no substantive content, metadata, or user-facing information. This limits the ability to assess the company's digital maturity or customer engagement through this domain. Technically, the site lacks a valid SSL certificate and does not support HTTPS, exposing it to significant security risks and undermining user trust. No privacy, cookie, or terms of service policies are present, indicating poor compliance posture. Overall, the website appears to be a placeholder or gateway rather than a full corporate site, which restricts comprehensive analysis and suggests the need for significant improvements in web presence and security.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 7 security findings identified across all modules.

T

twoday

twoday.fi

0

twoday.fi is the official website of twoday, a large Finnish technology consulting company specializing in digital transformation, data and AI solutions, business applications, and software development. The company serves Finnish enterprises and public sector clients, positioning itself as a leading Nordic technology partner with a strong workforce of 3000 experts. The website is built on HubSpot CMS, hosted behind Cloudflare, and employs modern web technologies and security best practices. Security headers and HTTPS are properly configured, with minor recommendations for enhancement. Privacy and cookie policies are comprehensive and GDPR compliant, supported by a consent mechanism. The site features rich content including client case studies, blog posts, and news updates, reflecting a mature digital presence. Overall, the website demonstrates a high level of professionalism, technical maturity, and security awareness, making it a trustworthy platform for its target audience.

T

twoday Oy

signom.com

0

Signom is a Finnish electronic signature service operated by twoday Oy, providing users with a platform to sign documents digitally using bank credentials. The service targets Finnish-speaking individuals and businesses seeking a quick and easy way to sign documents electronically. The website offers basic content with language options and clear navigation for login and registration. Technically, the site uses standard web technologies including jQuery and Google Fonts, hosted on Google Cloud infrastructure. Performance is moderate with some room for optimization. Security posture is adequate with HTTPS enabled and valid SPF and DMARC DNS records; however, improvements are needed in security headers, HSTS, and certificate transparency compliance. Privacy and cookie policies are present but lack advanced consent mechanisms. Overall, the site is functional and trustworthy but would benefit from enhanced security and privacy features to improve compliance and user trust.

O

Oma Säästöpankki Oyj

omasp.fi

0

Oma Säästöpankki Oyj operates as a Finnish savings bank providing comprehensive banking services to both individual and corporate customers. The company emphasizes personalized customer service through digital channels, direct phone contact, and physical branches. Their market position is that of a trusted, customer-centric financial institution with a strong local presence in Finland. Key services include loans, savings, investments, and digital banking solutions. The website reflects a mature digital infrastructure built on Drupal CMS, hosted on AWS, and integrates modern marketing and analytics tools such as Google Tag Manager and Cookiebot for privacy compliance. Security posture is robust with HTTPS enforced, strong cipher suites, and OCSP stapling, though improvements like TLS 1.3 and HSTS could enhance security further. Privacy compliance is well addressed with clear cookie consent mechanisms and GDPR-aligned policies. Overall, the website is professional, trustworthy, and user-friendly, though performance optimization could be improved due to a relatively slow load time.

H

Highspot

highspot.com

0

Highspot is a leading sales enablement platform provider offering a unified, AI-driven solution to improve marketing effectiveness, sales productivity, and revenue growth. The company targets global enterprise customers and provides a comprehensive suite of tools including sales content management, playbooks, buyer engagement, training, coaching, and analytics. Recognized by industry analysts and awards, Highspot holds a strong market position in the technology sector. The website demonstrates a mature digital presence with extensive marketing and analytics integrations, professional design, and comprehensive privacy compliance. However, the absence of a valid SSL certificate and HTTPS support represents a critical security vulnerability that undermines user trust and data protection. The site lacks explicit security and incident response policies, which could be improved to enhance overall security posture. Performance is suboptimal with slow load times and large page size, suggesting opportunities for optimization. Strategic recommendations include immediate remediation of SSL/TLS issues, enabling modern security protocols, and enhancing transparency around security policies to strengthen trust and compliance.

J

JAGGAER

jaggaer.com

0

JAGGAER is an enterprise-level provider of AI-powered source-to-pay and supplier collaboration software solutions. The company targets procurement, finance, IT, and supply chain professionals across multiple industries including education, manufacturing, healthcare, and financial services. Their platform integrates a comprehensive suite of tools covering category management, contracts, invoicing, payments, and supply chain collaboration, positioning them as a leading player in the procurement software market. Technically, the website is built on WordPress with the Divi theme and leverages modern JavaScript libraries and plugins for enhanced user experience and content management. While the site employs Cloudflare for CDN and security, the SSL certificate appears invalid or misconfigured, which is a significant security concern. Security headers such as HSTS and CSP are implemented, indicating a good security posture, but the SSL issues reduce the overall security score. The site demonstrates good privacy compliance with clear privacy and cookie policies, including consent mechanisms. Overall, the website is professionally designed, content-rich, and well-structured, supporting a high level of business credibility and trustworthiness.

O

Onninen Oy

onninen.com

0

Onninen Oy is a large technical wholesale company specializing in HEPAC, electrical, refrigeration, and energy products. It serves contractors, industry, infrastructure builders, and retail dealers primarily in Finland and several other European countries through a network of physical stores and electronic channels. The company is part of the K Group, a significant player in building and technical trade with substantial international presence. Technically, the website is built using modern frontend technologies such as React and Next.js and uses Google Tag Manager for analytics. However, the website suffers from a lack of a valid SSL certificate, resulting in no HTTPS support, which is a critical security flaw. The site also lacks privacy and cookie policies, security headers, and other best practices, which impacts its security posture and privacy compliance negatively. Performance is slow, but mobile optimization and content quality are good, with clear business information and consistent branding. Overall, the website is functional but requires urgent improvements in security and privacy compliance to meet modern standards.

K

Kesko Oyj

k-lataus.fi

0

K-Lataus is a nationwide electric vehicle charging network operated under Kesko Oyj and its subsidiary K-Auto. The service offers a comprehensive network of charging stations across Finland, including basic, fast, and high-power charging options, all powered by renewable energy, primarily domestic wind power. The platform supports both private and corporate customers with features such as mobile applications, RFID tags, and corporate accounts. The website provides extensive content including news, instructions, pricing, and customer support, reflecting a mature and customer-focused business model. Technically, the website is built on Microsoft IIS with ASP.NET backend, uses Contentful CMS for content management, and employs modern JavaScript libraries such as jQuery and lazy loading for images. The site is hosted on Elisa's infrastructure with CDN usage for assets. However, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a significant security concern. DNS configuration lacks DNSSEC and CAA records, and security headers and best practices are minimal. Security posture is weak due to missing HTTPS and related protections, although no active vulnerabilities like Heartbleed or POODLE were detected. Privacy compliance is good with clear privacy and cookie policies, GDPR adherence, and strong DMARC email policies. Business credibility is high with clear company information, extensive content, and active customer engagement. Overall, while the business and content quality are excellent, the lack of HTTPS and modern security configurations significantly lowers the security score and overall risk posture. Addressing these security gaps is critical to protect user data and maintain trust.

K

Kesko Oyj

k-business.fi

0

K-Business.fi is a Finnish corporate credit card service website operated under Kesko Oyj and issued by Oma Säästöpankki Oyj. The site promotes the K-Business Credit card, which combines Visa credit capabilities with Plussa loyalty benefits and partner discounts. The target audience is Finnish businesses seeking flexible payment solutions with integrated loyalty rewards. The website is built on modern web technologies including Next.js and Contentful CMS, providing a professional and content-rich user experience. However, the site lacks a valid SSL certificate and does not support TLS protocols, which severely impacts its security posture. Privacy and cookie policies are comprehensive and GDPR compliant, but direct contact information such as emails or phone numbers is not explicitly provided, relying instead on contact forms and external links. Overall, the site demonstrates strong business credibility and branding but requires urgent security improvements to protect user data and ensure trust.

B

Becca

hellobecca.com

0

Becca is a hospitality advisory and communications agency with a strong market presence, operating from offices in New York, Los Angeles, and London. The company focuses on shaping stories, honing visions, and growing audiences for hospitality brands, positioning itself as a strategic partner in the hospitality industry. Their key services include communications, experiences, social media, and strategic advisory through their Parrish Co brand. The website reflects a professional and modern digital presence, leveraging WordPress and associated technologies to deliver a rich user experience with strong SEO and social media integration. Security posture is good with HTTPS, modern TLS protocols, and Cloudflare CDN, though some advanced security headers and DNS protections could be improved. Privacy and cookie policies are present and GDPR compliant, with user data collected primarily via secure forms. Overall, the site demonstrates high professionalism and trustworthiness, suitable for its target audience in the hospitality sector.

K

kespro.fi

kespro.fi

0

Kespro.fi appears to be a retail-oriented website associated with the Kesko group, a large Finnish retail company. The site uses modern web technologies such as Angular and monitoring tools like Dynatrace, indicating a moderate level of digital maturity. However, the website content is minimal and largely script-driven, with no visible textual content or metadata such as privacy policies or contact information. The security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support, despite the presence of strong security headers like Content Security Policy and HSTS. This creates a significant risk for user data confidentiality and trust. Overall, the site requires urgent improvements in SSL configuration and privacy compliance to meet modern security and regulatory standards.

N

Neste

neste.fi

0

Neste is a leading Finnish energy company specializing in renewable fuels, heating oils, and transportation services. The website targets private consumers and businesses in Finland, offering a broad range of services including fuel retail, electric vehicle charging, car washes, and customer loyalty programs. The company maintains a strong market position with a comprehensive service station network and a focus on sustainability. Technically, the website is built on modern frameworks such as React and Next.js, hosted on Microsoft Azure, and employs advanced cookie consent and optimization tools. However, the SSL certificate is currently invalid or missing, which impacts the security posture. Security headers are well implemented, but improvements in SSL and TLS configurations are recommended. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the website is professional, user-friendly, and trustworthy, but addressing SSL issues is critical to enhance security and user trust.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 6 security findings identified across all modules.

B

Becca

beccapr.com

0

Becca is a hospitality advisory and communications agency with a strong market presence in the hospitality sector, operating from offices in New York, Los Angeles, and London. The company offers strategic advisory, communications, experiences, and social services, targeting hospitality brands and businesses seeking to enhance their market relevance and audience engagement. The website reflects a premium brand image with professional design, rich content, and clear navigation, supported by modern web technologies and SEO best practices. However, the technical infrastructure shows gaps in security, notably the absence of a valid SSL certificate and lack of HTTPS, which significantly impacts the security posture. Privacy and cookie policies are present, indicating some compliance awareness, but no explicit security or incident response policies are found. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

O

Onninen Oy

onninen.fi

0

Onninen Oy is a leading Finnish technical wholesaler specializing in HVAC, electrical, refrigeration, and energy products. The company serves professional customers through a comprehensive e-commerce platform and a nationwide network of Express stores. Onninen emphasizes energy efficiency and sustainability, offering a broad range of products including solar panels, heat pumps, and smart home solutions. Their digital maturity is evident with integrated services such as mobile apps, procurement system interfaces, and extensive product information. Security posture is strong with HTTPS, HSTS, CSP, and secure cookie practices. Privacy compliance is robust with clear policies and consent mechanisms. Overall, Onninen presents a professional, trustworthy, and well-structured platform supporting its business operations and customer engagement.

K

Kespro

kespro.com

0

Kespro is a large Finnish foodservice wholesaler owned by Kesko Oyj, serving a broad range of customers including restaurants, hotels, cafes, public institutions, and retail chains. The company positions itself as the largest foodservice wholesaler in Finland, offering extensive product selections and digital services to enhance customer experience. The website reflects a professional and well-branded digital presence with comprehensive content and clear navigation, targeting hospitality and retail sectors in Finland. Technically, the site uses modern JavaScript frameworks such as React and integrates marketing and consent management tools like Google Tag Manager and OneTrust. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, and HTTPS is not enabled, exposing users to potential risks. Security headers are absent, and performance is slow with a high page load time. Privacy compliance is strong with clear policies and consent mechanisms. Contact information is complete and prominently displayed, including phone, email, and physical address. Social media presence is active across major platforms. Overall, the site is professional and content-rich but requires urgent security improvements to protect users and enhance trust.

K-Plussa is a comprehensive loyalty program operated by Kesko, a major Finnish retail company. The website serves as a portal for members to access personalized offers, manage their membership, and learn about benefits across a wide network of retail and service partners. The program targets Finnish consumers, including specific segments such as students and shareholders, positioning itself as the leading loyalty program in Finland with extensive partner integration. Technically, the site is built using modern web technologies including React and styled-components, hosted behind Cloudflare, and integrates Google Tag Manager for analytics. However, the site lacks a valid SSL certificate, which severely impacts its security posture. While privacy and cookie policies are well documented and GDPR compliant, the absence of HTTPS and security headers exposes the site to risks. Overall, the site is functional and professionally designed but requires urgent security improvements to protect user data and maintain trust.

B

Budget Sport

budgetsport.fi

0

Budget Sport is a Finnish-based large retail e-commerce platform specializing in affordable sportswear and equipment. It operates under the parent company Intersport Finland Oy and targets Finnish consumers with a broad product range including running, cycling, football, and golf gear. The website is well-structured with clear navigation, multiple product categories, and a consistent brand presence. Technical infrastructure includes modern web technologies such as lazy loading and templating, hosted via Cloudflare with integration of Google Tag Manager and Google Maps API. However, the site currently suffers from a critical security issue: the SSL certificate is invalid or missing, and TLS protocols are disabled, severely impacting the security posture. Despite this, privacy and cookie policies are comprehensive and GDPR compliant, and contact information is clearly provided. Overall, the site scores well on content quality and business credibility but requires urgent remediation of SSL/TLS configuration to improve security and trust.

K

K-Auto Oy

k-auto.fi

0

K-Auto Oy is a prominent automotive company in Finland offering a comprehensive range of services including new and used car sales, leasing, financing, maintenance, and repair services. The company operates multiple dealerships across Finland and represents several major automotive brands such as Volkswagen, Audi, Porsche, SEAT, CUPRA, and Bentley. Their business model focuses on providing a seamless customer experience from vehicle acquisition to after-sales services, supported by digital tools and loyalty programs like Plussa. K-Auto is part of the larger Kesko Group, enhancing its market position and operational capabilities. Technically, the website is built on modern frameworks including Next.js and React, hosted via Cloudflare, and managed through the Contentful CMS. The site demonstrates good mobile optimization, accessibility, and SEO practices, although performance metrics are moderate. The presence of comprehensive legal and privacy documentation indicates a mature approach to compliance and customer trust. From a security perspective, while the site employs some security headers and uses HTTPS, the SSL certificate is currently invalid or missing, which is a critical vulnerability. The absence of DNSSEC and CAA records further indicates potential areas for security enhancement. No explicit incident response or vulnerability disclosure policies were found. Overall, K-Auto presents a professional and trustworthy digital presence with strong business credibility and customer focus. However, addressing the SSL certificate issues and enhancing security configurations are essential to maintain user trust and comply with best practices.

R

Rautakauppa - K-Rauta

k-rauta.fi

0

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 22 security findings identified across all modules.

T

Taikala Oy

clubway.de

0

Clubway is a cloud-based SaaS platform developed by Taikala Oy, specializing in administrative software for sports clubs. It offers comprehensive features such as member management, course registrations, event scheduling, attendance tracking, financial management, and mobile app support. The company is well-positioned in the European market with over 950 clubs as customers, emphasizing GDPR compliance and user-friendly solutions. Technically, the website leverages modern frameworks like React and Gatsby, hosted on AWS infrastructure, but suffers from slow load times and lacks a valid SSL certificate, impacting security posture. Privacy compliance is strong with clear policies and consent mechanisms. Security weaknesses include missing HTTPS and modern TLS protocols, which are critical to address. Overall, Clubway presents a professional and trustworthy service with room for technical and security improvements.

B

Brookfield Real Estate Income Trust

brookfieldreit.com

0

Brookfield Real Estate Income Trust (Brookfield REIT) is a large-scale real estate investment trust providing individual investors access to private real estate opportunities focused on income generation and capital appreciation. The company leverages a global network of experts and a partnership with Brookfield Oaktree Wealth Solutions to deliver diversified real estate investment products. The website is professionally designed, content-rich, and targets both individual investors and financial advisors with clear calls to action and comprehensive disclosures. Technically, the site is built on Drupal 10, hosted on Pantheon infrastructure, and employs modern web technologies including Google Tag Manager and OneTrust for cookie consent. The site is mobile optimized, accessible, and SEO friendly with structured data enhancing search visibility. Performance is fast with no blocking or WAF detected. Security posture is solid with HTTPS enforced and key security headers present, though improvements are recommended in HSTS configuration and DNS security (DNSSEC, CAA). No critical vulnerabilities or exposed sensitive data were found. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates a mature digital presence with strong business credibility and trust indicators. Strategic recommendations include enhancing DNS security, strengthening HSTS policies, and publishing explicit security and incident response policies to further improve trust and compliance.

WAcademy Global operates as a technology company specializing in web hosting services, including WordPress and WooCommerce hosting solutions. The website serves primarily as a client login portal and product showcase, targeting customers seeking hosting and related technology services. The business model is service-oriented, leveraging the WHMCS platform for client management and billing. The market position appears to be that of a niche or small-scale hosting provider with a moderate level of branding consistency and basic content quality. Technically, the website employs a WHMCS-based CMS with JavaScript, Google reCAPTCHA for bot protection, and FontAwesome for icons. The SSL certificate is valid but uses an unknown algorithm and a relatively short key length, which may warrant review. Performance is suboptimal with a slow load time and a large page size, and accessibility and SEO optimizations are basic. The site lacks advanced security headers and cookie consent mechanisms, indicating room for improvement in security and privacy compliance. From a security perspective, HTTPS is enforced with a valid certificate, and the login form is protected by invisible Google reCAPTCHA. However, the absence of security headers, DNSSEC, and CAA records, along with no visible vulnerability disclosure or incident response policies, suggests a moderate security posture. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is partial, with a privacy policy and terms of service linked externally but no cookie consent or GDPR-specific indicators. Overall, the website presents a functional but basic digital presence with moderate security and privacy practices. Strategic improvements in security headers, SSL configuration, privacy compliance, and performance optimization would enhance trust and user experience. The lack of direct contact emails or phone numbers limits immediate customer support visibility, which could be addressed to improve business credibility.

B

Brookfield

brookfield.com

0

Brookfield is a globally recognized investment firm specializing in managing and investing in high-quality assets across sectors such as renewable energy, infrastructure, private equity, real estate, and credit. The company targets institutional investors, financial advisors, and shareholders, offering a diversified portfolio and long-term value creation. The website reflects a mature digital presence with a professional design, comprehensive content, and multi-language support. Technically, the site is built on Drupal 10, hosted on Pantheon, and integrates modern tools like Google Tag Manager and OneTrust for privacy compliance. However, the security posture is weakened by an invalid SSL certificate and lack of enabled TLS protocols, which poses a significant risk. Privacy and cookie policies are well implemented with consent mechanisms, and business credibility is high due to clear branding and detailed investor information. Overall, the site is functional and professional but requires urgent remediation of SSL/TLS issues to improve security and trust.

H

H/Advisors Global Ltd

h-advisors.global

0

H Advisors is a global strategic communications consultancy specializing in enhancing corporate reputation, trust, and impact. The company offers a broad range of services including crisis management, corporate communications, digital strategy, investor relations, litigation support, M&A advisory, public affairs, sustainability, and transformation. With over 40 offices and 1500+ people across 20+ countries, H Advisors positions itself as a trusted partner for organizations navigating complex financial, legal, and regulatory environments. The website reflects a professional and consistent brand image targeting corporate and institutional clients. Technically, the website is built on WordPress and leverages modern JavaScript libraries such as Swiper.js and Choices.js for UI components, along with Friendly Captcha and Tarteaucitron for privacy and consent management. However, the site suffers from a lack of a valid SSL certificate and does not enable HTTPS or modern TLS protocols, which is a critical security deficiency. Performance is slow with a load time exceeding 8 seconds, and no security headers are present, indicating room for significant improvement in security posture. From a security perspective, the absence of HTTPS and security headers exposes visitors to potential risks, undermining trust and compliance with modern web security standards. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is limited to a contact form, with no direct emails or phone numbers publicly listed. The site uses Google Analytics for user tracking with moderate tracking levels. Overall, while the business and content quality are excellent, the technical and security shortcomings significantly impact the website's trustworthiness and user safety. Strategic improvements in SSL deployment, security headers, and performance optimization are recommended to enhance the site's security posture and user experience.

P

Prosek Partners

prosek.com

0

Prosek Partners is a well-established integrated communications and marketing firm with over 30 years of experience, primarily serving clients in finance, investor relations, and related sectors. The company offers a broad range of services including PR, crisis management, digital marketing, and public affairs, positioning itself as a future-focused leader in its industry. The website reflects a professional and polished brand image with comprehensive content and strong SEO and accessibility features. Technically, the site is built on WordPress with modern plugins and integrations but suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS enforcement. This significantly impacts the security posture and trustworthiness from a technical perspective. Privacy and cookie policies are present and indicate GDPR compliance, though no explicit security or incident response policies are published. Overall, the site is user-friendly and credible but requires urgent security improvements to protect user data and enhance trust.

M

Momentin Group Oy

momentingroup.com

0

Momentin Group Oy is a Finnish holding company fully owned by the Lehdon family, operating primarily in the hospitality sector with a focus on beverage products and restaurant services. The group comprises approximately 150 experts and leverages over 30 years of industry experience. Their subsidiaries include Brew Seeker, Restaurants, Mallaskoski, eDrinks, Momentin Baltics, and various minority ownerships. The website presents a professional and consistent brand image with good content quality and clear navigation, targeting both B2B and B2C audiences within the hospitality industry in Finland. Technically, the website is built on WordPress with WooCommerce and uses modern frontend technologies such as Bootstrap and jQuery. Hosting is provided via WP Engine with Cloudflare as a CDN and security proxy. SEO is supported by structured data (JSON-LD) and Yoast SEO plugin. However, performance metrics are unavailable, and accessibility is basic. The site is mobile optimized and includes cookie consent mechanisms. From a security perspective, the website has critical deficiencies. There is no valid SSL certificate detected, and no TLS protocols are enabled, resulting in a lack of HTTPS protection. Security headers are partially implemented but could be improved. DNS security features such as DNSSEC and CAA records are missing, and no DMARC record is present for email protection. These issues expose the site to potential interception and phishing risks. Overall, the site scores moderately on content and business credibility but poorly on security posture. Strategic improvements in SSL/TLS deployment, DNS security, and privacy compliance are recommended to enhance trust and protect user data.

The website k-ruoka.fi is currently inaccessible due to a Cloudflare Turnstile human verification challenge page that blocks access to the actual content. As a result, no meaningful business, privacy, or security information can be extracted from the site. The technical infrastructure indicates hosting on Amazon AWS with Cloudflare DNS and security services. However, the SSL configuration is invalid or missing, and no modern TLS protocols are enabled, which is a critical security concern. The site performance is poor with a high load time, and no SEO or accessibility features are detectable. Overall, the security posture is weak due to lack of HTTPS and security headers, and the privacy compliance cannot be assessed due to blocked content. The AI overall score is low at 25 due to these critical issues and content inaccessibility.

Vastuullinentiede.fi is a Finnish government-supported platform dedicated to promoting responsible science, research ethics, and open science within the Finnish research community. It serves as a coordination and informational hub linking several authoritative Finnish scientific and ethical organizations. The website targets researchers, academic institutions, and policymakers, providing articles, events, and guidelines to foster responsible research practices. Technically, the site is built on Drupal 9 with responsive design and uses Matomo for analytics with cookies disabled, reflecting a moderate level of digital maturity. However, the site suffers from a lack of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts its security posture. No privacy or cookie policies were found, and security headers are absent, indicating gaps in compliance and security best practices. Overall, the site is professionally presented with good content relevance and navigation but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

G

Grey Willow Technologies

gwillow.eu

0

Grey Willow Technologies is a small cybersecurity consulting firm based in Latvia, specializing in incident response, strategic readiness, technical assurance, and managed security services. The company positions itself as a trusted cybersecurity consultant helping organizations mitigate threats and recover from security incidents. The website is built on WordPress using Elementor and integrates Google Analytics for user tracking. However, the site lacks a valid SSL certificate, serving content over HTTP, which poses a significant security risk. No privacy or cookie policies are present, and no explicit security or incident response policies are disclosed. Contact information including email, phone, and physical address is clearly provided, along with a LinkedIn social media presence.

P

PricewaterhouseCoopers LLP

taxpackagesupport.com

0

TaxPackageSupport.com is a professional service portal operated by PricewaterhouseCoopers LLP (PwC) providing tax information and support specifically for investors in publicly traded partnerships. The platform offers user registration, secure login, and access to K-1 tax documents, with an optional premium service for enhanced features such as bulk downloads and tracking. The site is clearly branded with PwC identity and targets a niche financial audience requiring specialized tax document access. Technically, the site uses ASP.NET MVC framework, JavaScript libraries including jQuery and FontAwesome, and integrates Microsoft Application Insights for telemetry and Google reCAPTCHA for bot protection. However, the site suffers from a lack of a valid SSL certificate and modern TLS protocols, resulting in a weak security posture. Privacy and terms of service policies are comprehensive and GDPR compliant, but no explicit security or incident response policies are found. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

1

17Capital

17capital.com

0

17Capital is a specialized private credit manager focused on providing NAV finance solutions to private equity investors and management companies globally. Founded in 2008 and headquartered primarily in the UK and US, the firm has established itself as a leading player in the private equity finance sector, offering a range of financing products tailored to portfolio growth and liquidity needs. The website reflects a professional and content-rich digital presence, leveraging WordPress and WP Engine hosting, with strong SEO and structured data implementations to enhance discoverability and user engagement. However, the technical infrastructure shows gaps in SSL certificate validity and HTTPS enforcement, which undermines security posture despite well-configured security headers. The site integrates multiple marketing and analytics tools, including Google Analytics and HubSpot, but lacks a cookie consent mechanism, indicating partial privacy compliance. Contact mechanisms rely on forms and partner emails, with no direct phone or physical address details prominently displayed. Overall, the website demonstrates high business credibility and professionalism but requires urgent remediation of SSL issues and enhanced privacy compliance to improve security and user trust.

O

Oaktree Capital Management, L.P.

oaktreesicav.com

0

Oaktree SICAV website represents a financial services entity specializing in Luxembourg-domiciled investment funds. The site targets investors seeking diversified investment opportunities managed by an established asset management firm, Oaktree Capital Management, L.P. The business model focuses on fund management and providing market insights. Technically, the site is built on ASP.NET and Sitefinity CMS, leveraging Cloudflare for hosting and security proxying, and uses modern video streaming technologies. However, the site suffers from a critical security flaw due to an invalid SSL certificate and lack of TLS protocol support, which severely impacts its security posture. Privacy compliance is basic with a privacy policy and terms of service present, but no explicit cookie policy page. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and trust.

Oaktree Capital Management, L.P. operates a comprehensive real estate investment platform focusing on undervalued properties with an emphasis on risk control and value-added strategies. The company targets institutional and public investors, leveraging a global footprint and extensive industry expertise to manage and grow real estate assets. The website reflects a mature enterprise with professional content, consistent branding, and a clear business model centered on real estate investment management. Technically, the site uses modern frameworks such as Bootstrap 5 and jQuery, hosted likely behind Cloudflare, and employs Sitefinity CMS. However, performance is slow with a high resource count and long load times. Security posture is weak due to the absence of a valid SSL certificate, lack of security headers, and missing DNSSEC, which significantly lowers the security score. Privacy compliance is well addressed with a cookie consent banner and a comprehensive privacy policy. Overall, the site is professional and trustworthy but requires urgent security improvements to protect users and data.

O

Oaktree Capital Management, L.P.

oaktreeacquisitioncorp.com

0

Oaktree Acquisition Corp. is a finance-focused platform operating multiple SPAC vehicles to facilitate investment and acquisition transactions. The company is positioned as an established player in the SPAC market, targeting investors and partners interested in SPAC transactions. The website presents clear business information, including multiple SPAC vehicles and recent news updates, reflecting a professional and consistent brand image. Technically, the site uses modern front-end frameworks such as Bootstrap 5 and integrates with Cloudflare for hosting and CDN services. However, the absence of a valid SSL certificate and lack of modern TLS protocols significantly weaken the security posture. Privacy compliance is partially addressed through Evidon cookie consent mechanisms and a privacy policy hosted on the parent domain, but GDPR compliance is not clearly demonstrated. Overall, the website is functional and informative but requires critical security improvements to enhance trust and compliance.

O

Oaktree Specialty Lending Corporation

oaktreespecialtylending.com

0

Oaktree Specialty Lending Corporation operates as a business development company providing investors access to Oaktree Capital Management’s credit platform. The company focuses on generating income and capital appreciation through flexible financing solutions emphasizing risk control and consistency. The website presents a professional and content-rich experience with investor relations, press releases, and market insights. Technically, the site uses modern frameworks such as Bootstrap 5 and is built on Sitefinity CMS, but suffers from slow load times and lacks a valid SSL certificate, impacting security posture. The security configuration is weak with no HTTPS, no security headers, and no DNSSEC, exposing the site to potential risks. Privacy compliance is well addressed with Evidon consent management and clear privacy and cookie policies. Overall, the site is functional and professional but requires urgent security improvements to protect users and enhance trust.

B

Brookfield Oaktree Wealth Solutions

brookfieldoaktree.com

0

Brookfield Oaktree Wealth Solutions is a prominent investment management firm specializing in alternative investments including real estate, infrastructure, private equity, renewables, credit, and equities. The company leverages the expertise of its parent and partner companies, Brookfield Corporation and Oaktree Capital Management, to provide institutional-caliber solutions to financial advisors and private wealth investors. The website is professionally designed with comprehensive content and clear navigation, targeting a sophisticated financial audience. Technically, the site is built on Drupal 10 and hosted on Pantheon, employing modern web technologies and analytics tools such as Google Tag Manager and LinkedIn Insight Tag. Security posture is moderate; while security headers are implemented, the SSL certificate is invalid, which poses a significant risk. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms in place. Overall, the site demonstrates high business credibility and professionalism but requires urgent SSL certificate remediation to improve security and trust.

Paytrail Oyj is a leading Finnish payment institution specializing in providing a comprehensive range of payment methods for online merchants under a single agreement. The company serves over 20,000 customers including major Finnish banks and large enterprises, positioning itself as a trusted and scalable payment service provider in the Finnish e-commerce and finance sectors. It operates as part of the Nexi/Nets Group, leveraging strong partnerships and brand recognition. The website is professionally designed, content-rich, and targets online merchants, developers, and partners with detailed service information and customer testimonials. Technically, the site is built on HubSpot CMS with modern marketing and analytics tools integrated, including Cookiebot for consent management and Google Tag Manager for tracking. However, a critical security weakness is the absence of a valid SSL certificate and disabled TLS protocols, which severely impacts the site's security posture. While security headers and privacy policies are well implemented, the lack of proper HTTPS undermines trust and compliance. Overall, the site demonstrates good business credibility and privacy compliance but requires urgent remediation of SSL/TLS issues to ensure secure operations and maintain customer trust.